How to implement MD5 encryption in PHP

From Nokia Developer Wiki
Created: Maveric (09 Mar 2012)
Last edited: hamishwillee (31 Jul 2012)

This article explains how to calculate MD5 hashes in PHP.



Introduction

The md5() function of PHP uses the RSA Data Security, Inc. MD5 Message-Digest Algorithm, and calculates the MD5 hash of a string.

RFC 1321 definition:

The MD5 Message-Digest Algorithm: "The MD5 message-digest algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA."

The md5() function returns the calculated MD5 hash on success, or FALSE on failure.

Syntax

md5(string,raw)

Parameter "string" is required. It is the string whose hash is calculated. Parameter "raw" is optional and specifies whether the output is in hex or binary format. If it is set to TRUE, the raw 16-character binary format is used. If it is set to FALSE (the default), the output is a 32-character hex number.

Prerequisites

- PHP installed on localhost or on a remote host (this example uses v. 5.4).
- A code editor of your choice.


Example code

The resulting MD5 hash is not random: every time the same password is hashed, the result is the same.

$password="maveric";
$encrypted_password=md5($password);
echo $encrypted_password; //displays the hash version of the password string


This is one-way encryption: the hash cannot be turned back into the password. In a login case, for example, the password the user enters must be hashed again so that the result can be compared with the hash stored in the database.

The following form demonstrates the use of a login page.

The PHP part runs when the if clause evaluates to true. It first checks with isset() that the input field has been set, which means the form has been submitted. It also checks that the password is not empty.

If the password is empty, the user is asked to enter one.

The hash.txt file is then opened and its content is compared with the hash of the entered password (if a database is used, the comparison is made against the value of the field there).

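<?php
if (isset($_POST['user_password']) && !empty($_POST['user_password'])) {
    $user_password = md5($_POST['user_password']);

    $filename = 'hash.txt';
    $handle = fopen($filename, 'r');
    // trim() removes a trailing newline that would otherwise break the comparison
    $file_password = trim(fread($handle, filesize($filename))); // contains the hash
    fclose($handle);

    // Strict comparison: with == two hex strings of the form "0e<digits>" compare as equal numbers
    if ($user_password === $file_password) {
        echo 'Correct password.';
    } else {
        echo 'Incorrect password.';
    }
} else {
    echo 'Please enter your password.';
}
?>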
 
<form action="index.php" method="POST">
Password: <input type="text" name="user_password"><br><br>
<input type="submit" value="Submit">
</form>


Note: Change the password input type to "password" if you use the code live, so that nobody can shoulder-surf the password.

The reason for using an MD5 hash, even though it is not the most secure one, is that it protects the data in the database in case the database is compromised. A users table would then contain no plaintext passwords, only their MD5 hashes. The following piece of code is an example of code used against a database.

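// hash the password
$encrypted_mypassword = md5($mypassword);

// escape the user-supplied name before it is placed in the SQL string
$safe_username = mysql_real_escape_string($myusername);
$sql = "SELECT * FROM $tbl_name WHERE username='$safe_username' and password='$encrypted_mypassword'";
$result = mysql_query($sql);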
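
As an added example (not part of the original article): unsalted MD5 digests like the ones stored above are fast to compute and identical for identical passwords, so a current PHP application would store password_hash() output instead and convert existing MD5 records at the next successful login. The function name verify_and_upgrade and the sample record are hypothetical, and the code assumes PHP 5.6 or later, newer than the 5.4 this article was tested with.

```php
<?php
// Added example: verify_and_upgrade() and the sample record are hypothetical names.

/**
 * Check a login password against a stored hash.
 * Accepts legacy unsalted MD5 hex digests and password_hash() strings.
 * Returns array(bool $ok, string|null $replacementHash).
 */
function verify_and_upgrade($password, $stored)
{
    // Legacy record: exactly 32 hex characters, as produced by md5($password).
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        // hash_equals() compares in constant time and never treats
        // "0e..." strings as numbers the way == does.
        if (!hash_equals(strtolower($stored), md5($password))) {
            return array(false, null);
        }
        // Correct password: replace the MD5 digest with a salted, slow hash.
        return array(true, password_hash($password, PASSWORD_DEFAULT));
    }

    if (!password_verify($password, $stored)) {
        return array(false, null);
    }
    // Re-hash when the default algorithm or cost changed since the hash was stored.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return array(true, $new);
}

// Constructed sample record holding the legacy hash from the first example.
$user = array('name' => 'maveric', 'hash' => md5('maveric'));

$first = verify_and_upgrade('maveric', $user['hash']);
if ($first[0] && $first[1] !== null) {
    // In a real application this value is written back to the users table.
    $user['hash'] = $first[1];
}
echo $first[0] ? "login ok\n" : "login failed\n";
echo "stored hash is now: ", $user['hash'], "\n";

// A wrong password is rejected against the upgraded hash as well.
$second = verify_and_upgrade('wrong', $user['hash']);
echo $second[0] ? "login ok\n" : "login failed\n";
```

Because password_hash() adds a random salt, the upgraded hash differs on every run and two users with the same password no longer share the same stored value.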

Tested with

PHP 5.4

This page was last modified on 31 July 2012, at 10:29.